A management report by Audit Scotland has pinpointed 'significant weaknesses' following the introduction of a new financial system at Scottish Borders Council.
And in a foreword to the local authority's annual accounts for 2017/18, council leader Shona Haslam says: "Transition from legacy payroll, general ledger and procurement systems to Business World, an integrated Enterprise Resource Planning (ERP) system has been challenging whilst maintaining a ‘business as usual’ approach."
Audit Scotland, the public spending watchdog, replaced KPMG as SBC's external auditors. They will carry out more financial checks before signing off the latest set of accounts later this year.
But in their Management Report to be considered by the council's Scrutiny Committee the auditors outline a number of issues linked to the introduction of the ERP system.
The report explains that results of testing from audit work, and the work carried out by internal audit, has identified that there are significant weaknesses in the control environment following the implementation of the new financial system.
In addition, there is "planned functionality within the system that is not yet in place." There is a risk that errors or fraud may not be identified timeously due to weaknesses in controls.
A management response claims the control weaknesses identified are being addressed through an agreed action plan. Work is ongoing with CGI - the company handed a multi-million pounds contract by SBC - to ensure these are rectified. According to the report: "The plan agreed with CGI at Go Live should ensure that outstanding functionality relating to fixed assets and self-service reporting are encompassed in the CGI Contract."
Audit Scotland also report - "We reviewed the list of users with access to the Council Tax and Non Domestic Rates revenues system for appropriateness. We identified eight users with inappropriate access to the system due to changes in their role or no longer working for the council. There is a risk that individuals could have inappropriate access to revenues systems"
A section of the document headed Payroll Audit Reports says "In previous years, payroll staff used a daily ‘audit report’ of changes made to the system the previous day to check that all changes were supported by appropriate documentation.
"The new system does not allow an equivalent report to be produced. There is therefore no system generated report of changes available to allow payroll staff to check changes made to the payroll. There is a risk that unauthorised changes to payroll data may not be identified timeously."
An internal audit report included 18 recommendations to address identified weaknesses in the ERP system which covers four main areas:- procurement and payments (five recommendations); accounts receivable (two recommendations); payroll (one recommendation); financial ledger (eight recommendations); and two recommendations covering all modules.
Audit Scotland add "In addition
to the agreed recommendations, it was also noted in the internal audit report
that it has not been possible to fully test system user access due to limitations
in system reports and insufficient documentation regarding user roles and
access. A role review is underway to ensure that appropriate access is in place
for users.
"There are
also elements of Business World that are not yet operational, such as fixed
asset registers and self-service budgetary information. In these areas previous
systems and processes from before the introduction of Business World are being
used.
"Any
weaknesses identified represent those that have come to our attention during
the course of normal audit work and therefore are not necessarily all the weaknesses
that may exist. It is the responsibility of management to decide on the extent
of the internal control system appropriate to Scottish Borders Council."
No comments:
Post a Comment